Date: Wed, 5 Jan 2011 14:54:57 -0700
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: patch directory traversal flaw
We got a heads up on a directory traversal flaw in patch. I don't think
a CVE name has been assigned to it; could we get one? It allows for the
creation of arbitrary files in unexpected places due to the use of '..'.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=667529
http://osdir.com/ml/bug-patch-gnu/2010-12/msg00000.html
Thanks.
--
Vincent Danen / Red Hat Security Response Team
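
A pre-apply check for the '..' problem described in the message above, as an added example that is not part of the original post or of patch itself. It assumes the '..' components appear in the file names of the diff's `---`/`+++` header lines, and it goes slightly beyond the message by also flagging absolute paths; the function names and the sample diff are constructed for illustration.

```python
import re

# Header lines that name a file to patch in a unified or git-style diff.
HEADER = re.compile(r'^(?:---|\+\+\+) ([^\t\n]+)')
# Hunk header; the line counts default to 1 when omitted.
HUNK = re.compile(r'^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@')

def strip_prefix(name, strip):
    """Emulate patch -pN: drop the prefix containing N leading slashes."""
    return re.split(r'/+', name, maxsplit=strip)[-1] if strip else name

def is_unsafe(name):
    """Conservative: absolute path, or any '..' component at all."""
    return name.startswith('/') or '..' in name.split('/')

def unsafe_targets(patch_text, strip=0):
    """Return (line_number, path) for every header naming an unsafe path."""
    findings, old, new = [], 0, 0
    for lineno, line in enumerate(patch_text.splitlines(), 1):
        if old > 0 or new > 0:
            # Inside a hunk body: a removed "-- x" line renders as "--- x"
            # and must not be mistaken for a file header.
            tag = line[:1]
            if tag in (' ', '-', ''):
                old -= 1
            if tag in (' ', '+', ''):
                new -= 1
            continue
        m = HUNK.match(line)
        if m:
            old, new = int(m.group(1) or 1), int(m.group(2) or 1)
            continue
        m = HEADER.match(line)
        if m and m.group(1).rstrip() != '/dev/null':
            name = strip_prefix(m.group(1).rstrip(), strip)
            if is_unsafe(name):
                findings.append((lineno, name))
    return findings

# Constructed sample diff (not taken from the bug reports referenced above).
SAMPLE = """--- a/README\t2011-01-05
+++ a/README\t2011-01-05
@@ -1,2 +1,2 @@
 title
--- old sql comment
+-- new sql comment
--- /dev/null
+++ a/../../outside/file.txt
@@ -0,0 +1 @@
+data
--- a/x
+++ /tmp/abs.txt
@@ -1 +1 @@
-a
+b
"""
```

Call `unsafe_targets()` with the same strip count that will be passed to `-p`, and refuse to apply the patch if the returned list is non-empty.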